[freeside-commits] branch master updated. 7ad62cea1758b8f2e4f0e0d4d8bab36a864b5938

Ivan ivan at 420.am
Wed May 7 02:05:38 PDT 2014 

The branch, master has been updated
       via  7ad62cea1758b8f2e4f0e0d4d8bab36a864b5938 (commit)
      from  028c83edfa000f6bdbcd32ee3ffd5ee5561110d2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7ad62cea1758b8f2e4f0e0d4d8bab36a864b5938
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Wed May 7 02:05:36 2014 -0700

    check old_password if passed to self-service API, require with config setting, RT#29015

diff --git a/FS/FS/ClientAPI/MyAccount.pm b/FS/FS/ClientAPI/MyAccount.pm
index 30cddd9..e5078f9 100644
--- a/FS/FS/ClientAPI/MyAccount.pm
+++ b/FS/FS/ClientAPI/MyAccount.pm
@@ -2860,6 +2860,13 @@ sub myaccount_passwd {
   my $error = '';
 
   my $conf = new FS::Conf;
+
+  return { 'error' => 'Incorrect current password.' }
+    if  ( exists($p->{'old_password'})
+          || $conf->exists('selfservice-password_change_oldpass')
+        )
+    && ! $svc_acct->check_password($p->{'old_password'});
+
   $error = 'Password too short.'
     if length($p->{'new_password'}) < ($conf->config('passwordmin') || 6);
   $error = 'Password too long.'
diff --git a/FS/FS/Conf.pm b/FS/FS/Conf.pm
index f1893b7..08bd6a7 100644
--- a/FS/FS/Conf.pm
+++ b/FS/FS/Conf.pm
@@ -2869,6 +2869,13 @@ and customer address. Include units.',
   },
 
   {
+    'key'         => 'selfservice-password_change_oldpass',
+    'section'     => 'self-service',
+    'description' => 'Require old password to be entered again for password changes (in addition to being logged in), at the API level.',
+    'type'        => 'checkbox',
+  },
+
+  {
     'key'         => 'selfservice-hide_invoices-taxclass',
     'section'     => 'self-service',
     'description' => 'Hide invoices with only this package tax class from self-service and supress sending (emailing, printing, faxing) them.  Typically set to something like "Previous balance" and used when importing legacy invoices into legacy_cust_bill.',

-----------------------------------------------------------------------

Summary of changes:
 FS/FS/ClientAPI/MyAccount.pm |    7 +++++++
 FS/FS/Conf.pm                |    7 +++++++
 2 files changed, 14 insertions(+), 0 deletions(-)

More information about the freeside-commits mailing list